
Unfortunately, this doesn't mean that it's secure. If someone breaks it, it means it's broken, but if nobody breaks it, it doesn't mean someone else can't break it (or hasn't already).



Agreed, but the tone of the previous discussion was definitely more along the lines of "This could never work, you guys don't know what you're doing."

If it proves resilient over 2.5 months of highly motivated attacks (motivated by both the money / "I-Told-You-So" factor), I think that's a fairly strong statement in their favor.


Excluding an entity like the NSA, who cares nothing for $200,000 (literally a rounding error in their budget), but everything for the information available for the taking.


While I agree with your point, immediately jumping to the NSA and their bottomless pool of resources and talent is kind of the new Godwin's law.

Logan's law: In any given discussion tangentially related to security, the thing presented as "secure" will be soon declared "definitely not secure"... because...NSA.


I actually agree with the motivation behind your argument -- it's ridiculous to pull out unknown NSA capabilities as a foil to every crypto argument.

I just wanted to point out that there were times when money was not a very good motivator for someone who could break a given encryption system.


Snowden's Law


OK, but where the hell are they going to get 2.5 months of highly motivated attacks by highly skilled people? All the people I would want looking at this aren't going to waste such a huge chunk of their time analyzing some random phone app trying to make a name for themselves for a chance at a cash reward.

Bug bounties by big name companies that are actually after bugs rather than publicity haven't miraculously made all their software perfect. And they don't have an end date either.


I agree with you here. That is why such contests are going to be permanent in Telegram. New contests like this will be launched in March 2014 or earlier if anyone wins earlier. Consider the date for breaking Telegram open.


Your interest rings a bit hollow when you define a very narrow attack surface for the bounty, and dismiss architectural criticism beyond it.


Nobody's claiming it won't work; they're claiming it will work in a way that is dangerous to its users.


I have a day job and I'm not going to drop everything for the chance I won't make any money at all... told-you-so factor or not.


I feel obligated to point out that it may be worth it if you make less than $200k in 2.5 months.


I could imagine a lot of university math students (young, hungry, nothing to lose) would be highly motivated by this.


Not quite 2.5 months.


How time flies.. I read it as Mar 31, 2014 originally and didn't realize it was already Dec 18.. Edited to reflect that it's not really 4 months.


It actually makes things worse, really. "No hackers can break this!" sounds good on paper, but it could just mean your adversary has more to gain by the system not being publicly broken.


I don't see how it makes things worse. Surely it shows more if you gave hackers a big incentive to crack your encryption and they still didn't, compared to them not cracking it when there was no incentive. It is evidence that the reason they did not crack it was the difficulty of the problem, not just indifference.


A 73-day deadline on no notice to crack the system in a very specific way, with no pay for people who succeed after the first, is not a very big incentive. How many highly compensated security experts do you expect to stop doing their jobs for the opportunity to work for free?



